
Interesting Configuration

There is a Cisco 2821 connected with the incoming T1 lines, but the outgoing ports are misconfigured. Would one outgoing port go into the router and one into the firewall, or would both go into the firewall?

I don't think that you would need two connections to the firewall. You would only have to connect one of the router's ports to the firewall and then the firewall to the switches or whatever.

Wouldn't this configuration cause traffic to jump the firewall?

If you mean connecting one port of the router to the firewall and the other one to a switch, then I would guess it would skip the firewall, but I am not too sure. Traffic would probably go out of both ports; the one connected to the firewall would be accepted or denied, but even if it were denied, the other port would send it straight to the network. But I don't see why anyone would want to do that. Each of the two ports on the router should connect to separate networks, so you should only need one connection to the firewall.

Never tried doing anything like that so I couldn't tell you exactly what would happen.

I believe in making the world safe for our children, but not our children's children, because I don't think children should be having sex. -- Jack Handey

From what I understand you have 2 ports from the router that are for the internal network?

One goes to a firewall, and the other to the network bypassing the firewall?

If this is the case, then it would depend on how the router is configured; maybe the one that's not plugged into the firewall is for a "DMZ" type connection for servers? You can configure the Cisco routers to only forward traffic for certain IPs to X interface, and send traffic for any other IP to Y interface.

So I guess what I'm saying is, it depends on how your router is configured. It could be bypassing the firewall completely, or it could all be going through the firewall.

If you want, post a somewhat more detailed network map for your T1s, router, firewall... and if you want to, post your Cisco router config (show running-config). I'll take a look at it and see if I can see anything as to how traffic is handled.

If you mean connecting one port of the router to the firewall and the other one to a switch, then I would guess it would skip the firewall but I am not too sure. Traffic would probably go out of both ports,

Not really; it would make a routing decision based on how it has been configured. It would never broadcast out on all interfaces.

It is not a conventional setup the way you are trying to do it...

Without knowing more details it is hard to give detailed help, but a more secure way would be to put the firewall in front of the router, directly connected to the incoming T1 link.

Then have a default route from the firewall to the next hop router, which will then route traffic according to your configuration. You can put further ACLs on the router to add an extra layer of security if need be.

Or, as cheyenne mentioned, if you have/want a DMZ, you could put the router with ACLs in front, with the DMZ on one interface, then the other interface goes directly to the firewall and then on to your inside network. Or, depending on what firewall you have, you can have the DMZ on a firewall interface and put the firewall in front of the router again.
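The "router with ACLs in front, DMZ on one interface, firewall on the other" layout from the last reply, written out as an added example config; it is not from the thread or from any poster. The interface names, all addresses (RFC 5737 documentation ranges), the single DMZ web host and the inside prefix behind the firewall are assumptions.

```cisco
! Hypothetical Cisco 2821 config (constructed for this example).
! Serial0/0/0      = incoming T1 from the ISP, next hop 198.51.100.1
! GigabitEthernet0/0 = link to the firewall's outside interface, 203.0.113.2
! GigabitEthernet0/1 = DMZ segment, one web server at 203.0.113.130
! 192.0.2.0/24     = inside network, reachable only through the firewall
!
interface Serial0/0/0
 description Incoming T1 from ISP
 ip address 198.51.100.2 255.255.255.252
 ip access-group FROM-T1 in
!
interface GigabitEthernet0/0
 description To firewall outside interface
 ip address 203.0.113.1 255.255.255.252
!
interface GigabitEthernet0/1
 description DMZ segment
 ip address 203.0.113.129 255.255.255.128
 ip access-group FROM-DMZ in
!
! The routing table, not a broadcast, decides which interface a packet
! leaves on: the inside prefix is only reachable via the firewall,
! everything else goes back out to the ISP.
ip route 192.0.2.0 255.255.255.0 203.0.113.2
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Inbound from the T1: only web traffic may reach the DMZ host; traffic
! for the inside network is handed to the firewall, which makes the real
! decision; anything else is dropped and logged at the edge.
ip access-list extended FROM-T1
 permit tcp any host 203.0.113.130 eq 80
 permit tcp any host 203.0.113.130 eq 443
 permit ip any 192.0.2.0 0.0.0.255
 deny   ip any any log
!
! Inbound from the DMZ: a compromised DMZ host must not reach the inside
! network through the router, which would bypass the firewall entirely.
ip access-list extended FROM-DMZ
 deny   ip any 192.0.2.0 0.0.0.255 log
 permit ip 203.0.113.128 0.0.0.127 any
 deny   ip any any log
```

The two `deny ... log` entries are what you would watch in the router's syslog to confirm that nothing is skipping the firewall.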